Federal law enforcement agencies in the U.S. and Europe have shut down more than 400 Web sites using .onion addresses and made arrests of those who run them, which calls into question whether the anonymizing The Onion Router (Tor) network itself is still secure.\nThe Web sites - which authorities say sold a range of illegal wares including drugs, firearms with the serial numbers filed off, phony credit cards, fake IDs and counterfeit money \u2013 have been taken down by seizing the servers that host them.\nSeizing the servers and the arrests indicate that law enforcement agencies have found a way to trace the physical locations of devices connected to Tor and to track down the individuals responsible for them \u2013 two things Tor was designed to prevent.\nEven the name of the coordinated effort - Operation Onymous \u2013 indicates that the agencies involved undermined the anonymity component of Tor, which they refer to as the Darknet. \u201c[T]his time we have \u2026 hit services on the Darknet using Tor where, for a long time, criminals have considered themselves beyond reach. We can now show that they are neither invisible nor untouchable,\u201d says Troels Oerting, head of the European Cybercrime Center in a press release from the agency.\nLaw enforcement officials didn\u2019t say how they had found the physical locations of devices and their owners, and Oerting says it\u2019s not going to.\n\u201cThis is something we want to keep for ourselves,\u201d he told Wired. \u201cThe way we do this, we can\u2019t share with the whole world, because we want to do it again and again and again.\u201d\n\u201cToday we have demonstrated that, together, we are able to efficiently remove vital criminal infrastructures that are supporting serious organized crime. And we are not 'just' removing these services from the open Internet; this time we have also hit services on the Darknet using Tor where, for a long time, criminals have considered themselves beyond reach. We can now show that they are neither invisible nor untouchable. The criminals can run but they can\u2019t hide. And our work continues....\u201d, says Troels Oerting, Head of EC3.\nThis makes it unclear whether these authorities have broken Tor to the point that it can no longer mask the location of its infrastructure or whether they found them using other intelligence.\nTor relies on volunteers who host nodes of the network. Traffic bounces around within Tor in order to disguise where it comes from, but exit nodes and entrance nodes would yield the most useful information about actual IP addresses connecting to Tor.\n\u201cLaw enforcement could try to get in that first layer and see the sources and therefore try to reduce the anonymity as much as possible,\u201d says Ben Johnson, chief evangelist at Bit9+Carbon Black. \u201cCombine this with some older versions of the Tor software having some vulnerabilities and this could be how some of these users and sites are tracked down.\n\u201cIt will be interesting to see how quickly Tor becomes a bunch of systems that are actually owned by intelligence services, much like double agents, or something along those lines.\u201d\nBut because of its popularity and churn among those who set up nodes, he says he thinks the service will be reliably secure. \u201cI believe enough people use and support Tor that new nodes (both relays and bridges) will spawn and continue to make Tor a viable anonymity service,\u201d he says.\nThe U.S. Department of Justice detailed some of the sites taken down as follows:\n\n\u201cPandora\u201d\u00a0(pandora3uym4z42b.onion),\u00a0\u201cBlue Sky\u201d\u00a0(blueskyplzv4fsti.onion),\u00a0\u201cHydra\u201d(hydrampvvnunildl.onion), and\u00a0\u201cCloud Nine\u201d\u00a0(xvqrvtnn4pbcnxwt.onion), all of which were dark markets similar to Silk Road 2.0, offering an extensive range of illegal goods and services for sale, including drugs, stolen credit card data, counterfeit currency, and fake identity documents.\n\u201cExecutive Outcomes\u201d\u00a0(http:\/\/iczyaan7hzkyjown.onion[external link]), which specialized in firearms trafficking, with offerings including assault rifles, automatic weapons, and sound suppressors.\u00a0 The site stated that it used \u201csecure drop ship locations\u201d throughout the world so that \u201canonymity [was] ensured\u201d throughout the shipping process, and that all serial numbers from the weapons it sold were \u201cremove[d] . . . and refill[ed] with metal.\u201d\n\u201cFake Real Plastic\u201d\u00a0(http:\/\/igvmwp3544wpnd6u.onion[external link]), which offered to sell counterfeit credit cards, encoded with \u201cstolen credit card data\u201d and \u201cprinted to look just like real VISA and Mastercards.\u201d\u00a0 The cards were \u201c[g]uaranteed to have at least $2500 left on [the] credit card limit\u201d and could be embossed with \u201cany name you want on the card.\u201d\n\u201cFake ID\u201d\u00a0(http:\/\/23swqgocas65z7xz.onion[external link]), which offered fake passports from a number of countries, advertised as \u201chigh quality\u201d and having \u201call security features\u201d of original documents.\u00a0 The site further advertised the ability to \u201caffix almost all kind of stamps into the passports.\u201d\n\u201cFast Cash!\u201d\u00a0(http:\/\/5oulvdsnka55buw6.onion[external link]) and\u00a0\u201cSuper Notes Counter\u201d\u00a0(http:\/\/67yjqewxrd2ewbtp.onion[external link]), which offered to sell counterfeit Euros and U.S. dollars in exchange for Bitcoin.\n\n\u201cThis action constitutes the largest law enforcement action to date against criminal websites operating on the \u201cTor\u201d network,\u201d according to a press release from the DoJ.